網頁

2012年7月29日 星期日

Account Lockout (part 4 of 4)

In the previous article --- Account Lockout (part 1 of 4), I ever enable NETLOGON record function by the command “nltest /dbflag:0x2080ffff” so that its behavior will be recorded on C:\Windows\Debug\netlogon.log
ScreenHunter_03 Jun. 29 13.38Or add registry entity DBFlag on “HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
ScreenHunter_23 Jun. 28 18.14In the moment, I will use nlparse.exe this utility to analyze netlogon.log
Open nlparse.exe by Run as administrator ScreenHunter_01 Jul. 12 12.06The error message will show up and tell us that component ‘comdlg32.ocx’ or one of its dependencies not correctly registered.
ScreenHunter_02 Jul. 12 12.06Search the related information about this error message by Google and find we can directly download VB6 Common Control comdlg32.ocx from this URL http://activex.microsoft.com/controls/vb6/comdlg32.CAB

After download finish, double-click comdlg32.CAB this file next to copy comdlg32.ocx to C:\Windows\SysWOW64\ScreenHunter_03 Jul. 12 13.52Open command prompt by Run as Administrator, execute “regsvr32 c:\Windows\SysWOW64\comdlg32.ocx” to register cmdlg32.ScreenHunter_04 Jul. 12 14.17If it success, please run nlparse.exe again so that Netlogon-Parse GUI will show up normally now.
ScreenHunter_05 Jul. 12 14.21Click Open button
ScreenHunter_06 Jul. 12 14.23Expand C:\Windows\debug folder and select netlogon.log this file next to click Open button
ScreenHunter_07 Jul. 12 14.24Enable 0xC000006A (no any record if authentication is Kerberos) and 0xC0000234 check box next to click Open button
ScreenHunter_08 Jul. 12 14.25You will see the message as “C:\Windows\debug\netlogon.log Done!”
ScreenHunter_09 Jul. 12 14.25Under this folder C:\Windows\debug, there are generated two file with extension format as txt and csv.
ScreenHunter_11 Jul. 12 14.27Now you can open these file to realize who is locked by which computer.

Reference
(1). Support Statement for Visual Basic 6.0 on Windows Vista, Windows Server 2008, Windows 7, and Windows 8
(2). If O.S. is 32bit, please copy comdlg32.ocx to C:\Windows\System32\(3). If the debug finish, please remember to disable NETLOGON record by command “nltest /dbflag:0x0” and restart netlogon service so that avoid the disk space overload.

<<<   Account Lockout (part 3 of 4)

沒有留言:

張貼留言

Since 2010 Design by Davidwa
©Copyright Davidwa Inc. All rights reserved.